spring-saml

问题 We have a Spring MVC (4.0.5) application with Spring Security (3.2.4) which includes CSRF protection which works fine. We are now adding the SAML security extension (spring-security-saml2-core 1.0.0) which causes an issue with CSRF protection. The metadata has been configured on SSOCircle and trying to access http://localhost:8080/myapp directs to the login page on SSOCircle. After authentication, the browser redirects to http://localhost:8080/myapp/saml/SSO and generates an error: HTTP

问题 I'm trying to set up a SP based on "spring-security-saml2-sample", but when I deploy the WAR file on Tomcat I get the following exception: Initialization of metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@443c35d3 failed, provider will be ignored org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from https://dominio.com/fed/idp/metadata at org.opensaml.saml2

问题 I'm trying to set up a SP based on "spring-security-saml2-sample", but when I deploy the WAR file on Tomcat I get the following exception: Initialization of metadata provider org.opensaml.saml2.metadata.provider.HTTPMetadataProvider@443c35d3 failed, provider will be ignored org.opensaml.saml2.metadata.provider.MetadataProviderException: org.opensaml.saml2.metadata.provider.MetadataProviderException: Error retrieving metadata from https://dominio.com/fed/idp/metadata at org.opensaml.saml2

问题 I want remember url request parameter from first request of my site (SP) and use them after response from IdP. I'm using spring-saml extension and think about relayState attribute but can't find example how build it with parameters from request. I need that for redirect user after sso authentication process to target page (module of application) depends on what was in first request. 回答1: Spring SAML sample application behaves like this out of the box. When user hits a page which is protected

问题 I followed chapter 12.0 instructions about using spring with adfs as IdP from here : http://docs.spring.io/spring-security-saml/docs/1.0.x-SNAPSHOT/reference/pdf/spring-security-saml-reference.pdf But I have an exception when I test the SSO : org.opensaml.common.SAMLException: NameID element must be present as part of the Subject in the Response message, please enable it in the IDP configuration I added the rule NameID as described in the document. We use ADFS 3.0 on a server and Tomcat on

问题 I am using Spring SAML in a multi-tenant application to provide SSO. Different tenants use different urls to access the application, and each has a separate Identity Provider configured. How do I automatically assign the correct Identity Provider given the url used to access the application? Example: Tenant 1: http://tenant1.myapp.com Tenant 2: http://tenant2.myapp.com I saw that I can add a parameter idp to the url (http://tenant1.myapp.com?idp=my.idp.entityid.com) and the

问题 I've implemented SSO using Spring SAML and everything is working fine. It worked with the following IDP's till now: 1) idp.ssocircle.com 2) openidp.feide.no Now I'm testing with salesforce.com as my Identity Provider. As there is no provision to upload Service Provider Metadata I've done the following configuration settings at its IdP: Gave my entityID and Assertion Consumer Service URL. I also uploaded my SP certificate. I've downloaded its metadata (idp metadata) which is as follows (hiding

问题 I need to add a request parameter (e.g. locale=en) to the SAML request in order to let the login page display correct language. How do I do that? I tried to add the attribute to the HttpServletRequest sent as an argument to the commence method (SamlEntryPoint), but that doesn't seem to work. Any suggestions? 回答1: SAML provides a standard mechanism for extending content sent in authentication requests - an Extensions element. In order to use it you will need to coordinate with your IDP on what

问题 I have generated testIdp.cer file by copying 509 entry of the IDP I am planning to connect. Then I created JKS file by executing the following command keytool -importcert -alias adfssigning -keystore C:\Users\user\Desktop\samlKeystore.jks -file C:\Users\user\Desktop\testIdp.cer When executed it has asked to enter a password for which I have given a password. For the question "Trust this certificate? [no]:", I have given "y" as input. Message came out as "Certificate was added to keystore".

问题 I have a few questions about about how SSL (HTTPS) connections are handled with the Spring Security SAML extension v1.0 release. I'm using the extension to develop an SP. The remote IDP I'm using has an HTTPS URL. I have the root and issuing certificates for that SSL cert in my JRE cacerts keystore used by Tomcat. The metadata for the IDP is loaded just fine via the HTTPMetadataProvider . In the ExtendedMetadata for my SP's metadata, I have: <property name="securityProfile" value="metaiop"/>